
The US CISA has added six Microsoft vulnerabilities from the August 2024 Patch Tuesday release to its Known Exploited Vulnerabilities Catalog:
- CVE-2024-38189 – Microsoft Project Remote Code Execution Vulnerability that allows remote code execution via a malicious file
- CVE-2024-38178 – Microsoft Windows Scripting Engine Memory Corruption Vulnerability that allows unauthenticated attackers to initiate remote code execution via a specially crafted URL
- CVE-2024-38213 – Microsoft Windows SmartScreen Security Feature Bypass Vulnerability that allows an attacker to bypass the SmartScreen user experience via a malicious file
- CVE-2024-38193 – Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability that enables a local attacker to gain SYSTEM privileges
- CVE-2024-38106 – Microsoft Windows Kernel Privilege Escalation Vulnerability that enables a local attacker to gain SYSTEM privileges. Successful exploitation requires the attacker to win a race condition
- CVE-2024-38107 – Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability that enables a local attacker to obtain SYSTEM privileges
All federal government agencies must apply the patches before September 3, 2024.

